OpenShift Request For Enhancement / RFE-3418

Virtual media server TLS flexibility for baremetal installs


      Proposed title of this feature request

      Virtual media server TLS flexibility for baremetal installs

      What is the nature and description of the request?

      At the time of writing, the virtual media server component in the cluster-baremetal-operator takes an "all or nothing" approach to using TLS to mount generated ISO images.  The default in OpenShift 4.10 is to use TLS.  While this is fine for BMCs that implement it properly, some OEM system vendor models have trouble with authenticated TLS connections on a non-standard port (not port 443).  To use certain baremetal servers, one must set the disableVirtualMediaTLS: true flag in the Provisioning CR, which is consumed by the cluster-baremetal-operator.

      The ask of this request is to support a model where mixed TLS options can be utilized on a BareMetalHost basis, or some other means.

      Why does the customer need this? (List the business requirements here)

      Customers who want mixed server vendor models in their OpenShift clusters must disable TLS to cater to those models that don't implement TLS properly in their BMC.  This reduces the overall security of their environment, where the virtual media server is "all or nothing" today.

      The ask is to provide a more granular way of keeping TLS enabled for hardware platforms that support it (controlled by a single instance of BMO) and turning TLS off for those hardware platforms that don't support it today.

      List any affected packages or components.

      • Red Hat Advanced Cluster Management for Kubernetes
      • multicluster-engine
      • cluster-baremetal-operator
      • OpenShift IPI

              racedoro@redhat.com Ramon Acedo
              dcain@redhat.com Dave Cain